Updated verification options for tlog integrated time

Signed-off-by: Fredrik Skogman <[email protected]>
sigstore · Dec 21, 2023 · 79c2501 · 79c2501
1 parent 51f6dd9
commit 79c2501
Show file tree

Hide file tree

Showing 9 changed files with 225 additions and 157 deletions.
diff --git a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
@@ -230,7 +230,7 @@
             "properties": {
                 "threshold": {
                     "type": "integer",
-                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log"
+                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
                 },
                 "disable": {
                     "type": "boolean",
@@ -269,10 +269,6 @@
                 "disable": {
                     "type": "boolean",
                     "description": "Disable verification for transparency logs."
-                },
-                "verifySet": {
-                    "type": "boolean",
-                    "description": "Verify SET indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain. Note that inclusion promises (SETs) are optional in a bundle, and so requiring SET may render bundles invalid during verification if SET is not present."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json
@@ -730,7 +730,7 @@
             "properties": {
                 "threshold": {
                     "type": "integer",
-                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log"
+                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
                 },
                 "disable": {
                     "type": "boolean",
@@ -769,10 +769,6 @@
                 "disable": {
                     "type": "boolean",
                     "description": "Disable verification for transparency logs."
-                },
-                "verifySet": {
-                    "type": "boolean",
-                    "description": "Verify SET indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain. Note that inclusion promises (SETs) are optional in a bundle, and so requiring SET may render bundles invalid during verification if SET is not present."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/pb-go/verification/v1/sigstore_verification.pb.go b/gen/pb-go/verification/v1/sigstore_verification.pb.go
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py
diff --git a/gen/pb-ruby/lib/sigstore_verification_pb.rb b/gen/pb-ruby/lib/sigstore_verification_pb.rb
diff --git a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json
@@ -230,7 +230,7 @@
             "properties": {
                 "threshold": {
                     "type": "integer",
-                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log"
+                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
                 },
                 "disable": {
                     "type": "boolean",
@@ -269,10 +269,6 @@
                 "disable": {
                     "type": "boolean",
                     "description": "Disable verification for transparency logs."
-                },
-                "verifySet": {
-                    "type": "boolean",
-                    "description": "Verify SET indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain. Note that inclusion promises (SETs) are optional in a bundle, and so requiring SET may render bundles invalid during verification if SET is not present."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json
@@ -730,7 +730,7 @@
             "properties": {
                 "threshold": {
                     "type": "integer",
-                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and SETs from a transparency log"
+                    "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
                 },
                 "disable": {
                     "type": "boolean",
@@ -769,10 +769,6 @@
                 "disable": {
                     "type": "boolean",
                     "description": "Disable verification for transparency logs."
-                },
-                "verifySet": {
-                    "type": "boolean",
-                    "description": "Verify SET indicates that the timestamp from the SET should be used when verifying the X.509 certifiacte chain. Note that inclusion promises (SETs) are optional in a bundle, and so requiring SET may render bundles invalid during verification if SET is not present."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/pb-typescript/src/__generated__/sigstore_verification.ts b/gen/pb-typescript/src/__generated__/sigstore_verification.ts
diff --git a/protos/sigstore_verification.proto b/protos/sigstore_verification.proto
@@ -54,12 +54,6 @@ message ArtifactVerificationOptions {
                 bool perform_online_verification = 2;
                 // Disable verification for transparency logs.
                 bool disable = 3;
-                // Verify SET indicates that the timestamp from
-                // the SET should be used when verifying the X.509
-                // certificate chain. Note that inclusion promises (SETs)
-                // are optional in a bundle, and so requiring SET may render
-                // bundles invalid during verification if SET is not present.
-                bool verify_set = 4;
         }
         message CtlogOptions {
                 // The number of ct transparency logs the certificate must
@@ -78,10 +72,16 @@ message ArtifactVerificationOptions {
                 // Disable signed timestamp verification.
                 bool disable = 2;
         }
+        message TlogIntegratedTimestampOptions{
+                // The number of integrated timestamps that are expected.
+                int32 threshold = 1;
+                // Disable integrated timestamp verification.
+                bool disable = 2;
+        }
         message ObserverTimestampOptions {
                 // The number of external ovservers of the timestamp,
-                // this is a union of RFC3161 signed timestamps, and SETs
-                // from a transparency log
+                // this is a union of RFC3161 signed timestamps, and
+                // integrated timestamps from a transparency log
                 int32 threshold = 1;
                 // Disable signed timestamp verification.
                 bool disable = 2;